ckotzbauer / sbom-operator

Catalogue all images of a Kubernetes cluster to multiple targets with Syft
MIT License

Clone fails with status 400 when trying to clone a private Azure DevOps repo #164

Closed GDWBaer closed 2 years ago

GDWBaer commented 2 years ago

When I try to configure a private Azure DevOps git repo as a target, cloning fails with the following message:

level=error msg="Open or clone failed" error="unexpected client error: unexpected requesting \"https://*******@dev.azure.com/****/*************/_git/**************/git-upload-pack\" status code: 400"

I suspect the go-git lib to be responsible here as other people report similar issues: https://github.com/src-d/go-git/issues/335

This seems to have been solved for other projects by falling back to the git client: https://github.com/argoproj/argo-cd/pull/1244

ckotzbauer commented 2 years ago

I'll have a look in the next few days. Thanks for the issue.

GDWBaer commented 2 years ago

I actually linked an outdated repo. Sorry. However, the issue still exists in the new repo: https://github.com/go-git/go-git/issues/64

ckotzbauer commented 2 years ago

@GDWBaer I developed a fix in #171. It is released as ghcr.io/ckotzbauer/sbom-operator:0.17.0-alpha.0. Can you please test it with the new --git-username, --git-password and --git-fallback-clone flags and give feedback? I tested it with AWS CodeCommit and Azure DevOps and it worked.

GDWBaer commented 2 years ago

@ckotzbauer Thank you very much. I'll try to test it this week.

GDWBaer commented 2 years ago

@ckotzbauer I tested it with all three new flags. Cloning into the target git repo on DevOps worked well. However, the --git-branch flag was not being respected in this context, so the new SBOMs ended up in the master branch. Additionally, I tested combining the --git-fallback-clone flag in the helm-chart with the SBOM_GIT_ACCESS_TOKEN from secret, which did not work out. May I suggest adding a settable variable for the docker image tag to the helm chart? This would speed up debugging for me since I had to edit the chart yaml in the cluster. ;)

ckotzbauer commented 2 years ago

Many thanks for testing 🎉

> However, the --git-branch flag was not being respected in this context, so the new SBOMs ended up in the master branch.

Uh, yes, I forgot about the branch-parameter, I'll fix that. 😉

> Additionally, I tested combining the --git-fallback-clone flag in the helm-chart with the SBOM_GIT_ACCESS_TOKEN from secret, which did not work out.

Hm, yes. Currently, with the fallback-clone active, the token is not respected (only username and password). I'll try to integrate that as well.

> May I suggest adding a settable variable for the docker image tag to the helm chart? This would speed up debugging for me since I had to edit the chart yaml in the cluster. ;)

You can overwrite the tag in the helm-chart: https://github.com/ckotzbauer/helm-charts/blob/main/charts/sbom-operator/values.yaml#L7. The version from Chart.yaml is only a fallback.